Quickly protect VMs against advanced threats

In just a few clicks, you can enable Shielded VMs to help protect against threats such as
malicious project insiders, malicious guest firmware, and kernel- or user-mode vulnerabilities.

Ensure workloads are trusted and verifiable

Shielded VMs help protect your virtual machines against rootkits and boot- and kernel-level
malware with secure and measured boot capabilities.
Using a vTPM, Shielded VMs provide a virtual root-of-trust to verify VM identity and ensure
that VMs are part of your specified project and region.

Help protect secrets against exfiltration and replay

Using Shielded VMs, secrets generated or protected by a vTPM are sealed to a VM and
only revealed once integrity is verified.

Shielded VMs features

Verifiable integrity with secure and measured boot

Secure boot helps prevent malicious code from being loaded early in the boot sequence.
Measured boot ensures the integrity of the bootloader, kernel, and boot drivers to guard
against malicious modifications to the VM.

Trusted UEFI firmware

Tamper-evident attestations

Gain insight into the integrity state of Shielded VMs with tamper-evident attestation claims
available in Stackdriver Logging and Monitoring.
These integrity measurements help identify differences between the “healthy” baseline of your VM
and its current runtime state.

Live migration and patching

Keep your virtual machine instances running even when a host system event occurs, such as
a software or hardware update.